How to Disable ICMP Redirects in Suse/openSUSE Linux for security

ICMP redirects are used to inform hosts of a better route to a destination. Routing devices normally send them when they become aware of a better route to a destination than the one currently in use. This mechanism is not very efficient and raises security concerns, because a host that accepts redirects lets whoever sends one change the route its traffic takes.

Redirects can be disabled either at run time (dynamically), without rebooting the PC or server running SUSE Linux or openSUSE, or at boot time (system startup).

This disables accepting and sending ICMP redirects on all interfaces. The same can be done at the interface level: replace “all” in the above command with the interface name (for example, “eth0”).

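For IPv6, replace “ipv4” with “ipv6” in the above commands, and at the interface level replace “all” with the interface name (for example, “eth0”). Note that the Linux kernel provides only accept_redirects for IPv6; there is no IPv6 send_redirects setting.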

None of the above requires a system reboot, and the changes take effect immediately. However, they are lost the next time the system is restarted.

Permanent Setting at Boot time

To have these settings applied at boot time, add the equivalent entries for the above commands to the /etc/sysctl.conf configuration file. Edit /etc/sysctl.conf and add the following entries (a value of 0 disables the feature):

For IPv4

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.all.send_redirects = 0

IPv4 at interface level

net.ipv4.conf.eth0.accept_redirects = 0

net.ipv4.conf.eth0.send_redirects = 0

For IPv6

net.ipv6.conf.all.accept_redirects = 0

(The kernel has no send_redirects key under net.ipv6, so there is no IPv6 send_redirects entry to add.)

IPv6 at interface level

net.ipv6.conf.eth0.accept_redirects = 0

That's it. The next time you reboot the PC, the settings are still there!
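
As an added example (not part of the original article), the following shell function checks sysctl settings for any accept_redirects or send_redirects key that is still non-zero; this is worth checking because the kernel also consults per-interface values, so an interface or "default" entry left at 1 can keep redirects enabled after "all" is set to 0. The names audit_redirects and sample_sysctl and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list ICMP redirect sysctls
# that are still enabled. Reads "key = value" lines on stdin, in the form
# used by /etc/sysctl.conf and printed by `sysctl -a`.

audit_redirects() {
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        $1 ~ /^[ \t]*net\.ipv[46]\.conf\.[^.]+\.(accept|send)_redirects$/ {
            key = $1; sub(/^[ \t]+/, "", key)
            val = $2; sub(/[ \t]+$/, "", val)
            if (!(key in seen)) keys[++n] = key  # remember first-seen order
            seen[key] = val                      # a later assignment overrides
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[keys[i]] != "0")
                    print keys[i] " = " seen[keys[i]]
        }'
}

# Constructed sample input: "all" is hardened, but "default" and eth0 are not.
sample_sysctl() {
    cat <<'EOF'
# constructed sample, not output from a real host
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.send_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.eth0.accept_redirects = 1
EOF
}

# On a live system: sysctl -a 2>/dev/null | audit_redirects
sample_sysctl | audit_redirects
```

An empty result means every redirect key in the input is set to 0.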